Debian alert DLA-3002-1 (adminer) [LWN.net]


From:
               Chris Lamb <lamby@debian.org>
To:
               debian-lts-announce@lists.debian.org
Subject:
               [SECURITY] [DLA 3002-1] adminer security update
Date:
               Fri, 13 May 2022 13:07:00 -0400
Message-ID:
               <165246146492.118384.913246763086830924@copycat>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3002-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
May 13, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : adminer
Version        : 4.2.5-3+deb9u3
CVE ID         : CVE-2021-43008

It was discovered that there was an issue in the web-based database
tool Adminer whereby an attacker could have performed an Arbitrary
File Read on the remote server by requesting Adminer connect to a
crafted remote MySQL database.

For Debian 9 "Stretch", this problem has been fixed in version
4.2.5-3+deb9u3.

We recommend that you upgrade your adminer packages.

For the detailed security status of adminer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/adminer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmJ+j5YACgkQHpU+J9Qx
Hlh6og//YlkuWzF4vnjl98j+9EyKaDxNYK2ASgpUSM4IrV1TW4LQqv9R+WNiZUIg
x9FRhXTgEBh3ANZeGQqLDKlszNRZhS5sBwVxjuI2lU1b4j6guI/mRti5sAXf5Bbb
I7YnlOdtfVu3Ap9ZzNvagQiRJNPgbNjOz3xAGsbSl6kvHCI2mqDb1hZzHbrOpEtf
Cn0LSah7St6V4LTqbaOiHw+WR6C5gf7Hu3hntxLozaXBYshLWgmUgLWblfNonNst
a39AbWgCtoK+aPJQd4VbRo2rwpNllEiR+6zR8IFnIpFN0mpOmnpdf2gq5fyhxmW0
rksWoH9on2+Mx6wRfKpAI1kOG17t7z2iTrBhjEjEnTiI3TIeb7fdnFoHTcKH5FYU
JavRjp7DNRPfk44zwUA99J0ysyLuAIrH6VMQI7IbSVnC24YBKBxaDCKr5Xl1txGL
B50EcAt3dKIUVNRfmfZiPQCoNTIYXCB5ionkGc9AReebKc/pFJJpDC3/Kw9usGin
JYV4pXIY9CFzKMrVEH13dDTcKcSPo1ZS+DSTP/0Z/xVgMEtbd0MJWFzdHY6Y3OdN
NVrbRRQ1j3QjoyoBQW1cSuIF84QWkMC5eRETNuJCHYXkFlaQIZbjXU4avS2MB5Qh
NRJ4A01zIo3PsLQK3dAWTFSpNiIf8BZ2pGYz4A20MC70RoqskUQ=
=I96e
-----END PGP SIGNATURE-----

From:		Chris Lamb <lamby@debian.org>
To:		debian-lts-announce@lists.debian.org
Subject:		[SECURITY] [DLA 3002-1] adminer security update
Date:		Fri, 13 May 2022 13:07:00 -0400
Message-ID:		<165246146492.118384.913246763086830924@copycat>